CICADA 3301 2014 PUZZLE FACTS PART 3
Public Service Announcement: Please post only significant leads. Negative results of various tests should not be posted here. Please make this article noob-friendly. Provide brief explanations and links to further resources. If you have a large amount of data to share, please create a separate page and link to it in this article. If you are making edits, edit only that subsection and not the entire page. This page also serves to document our current progress. Place relevant new discoveries on this page. Part one of Cicada 3301 2014 can be found 'here. '''Part two of Cicada 3301 2014 can be found 'here Your help is greatly appreciated; but please use as many Headings2 as you can, to brake long document in smaller chunks. By placing in Headeing2 that section gets its own edit button (next to heading), try to put new header ever height of one screen; reason for doing this is in easier editing. You can edit only smaller chunks without having code of whole document on one screen, it also prevents collisions, since many authors can edit text under different Headers at same time and not cause collisions. Also KEEP IN CODE FORM ALL STRINGS WE GOT FROM OUTGUESS! SO they are searchable in wikia! ALSO DONT DELETE MULTIPLE LINKS TO SAME PASTA, THOSE PASTAS ARE NOT FOREVER; WE NEED THEM AS BACKUPS; KEEP AS MANY DIFFERENT LINKS(PASTEBIN, PASTEE, INFOTOMB...) IN WIKIA AS POSSIBLE ALSO DO NOT DELETE THINGS THAT MIGHT BE POSSIBLE HINTS FOR NEXT STEP, even it they does not seem important ATM it might be relevant later. Thx everyone for contributing. For discuson on questions about wiki managing PM me in #CicadaWiki on freenode IRC Lurker69 CICADA 3301 2014 PUZZLE FACTS PART 3 Part three of Cicada 3301 2014 ''' '''NEWS AND CURRENT PROGRESS 2014 MENU OF SUBPAGES (feel free to create more)Main pages: *'MAIN CICADA 3301 2014 PAGE PART 3/3' CURRENT PROGRESS *'MAIN CICADA 3301 2014 PAGE PART 2/3 ' DISCONTINUED' *'MAIN CICADA 3301 2014 PAGE PART 1/3' DISCONTINUED *'Subpages:' : XOR 2014 TIPS : LOGS ABOUT HOW WE FOUND LINODE SERVER OF ONION 3 : Logs about data string from ONION 3 SERVER-STATUS page : THEORIES ABOUT 3301.JPG FROM ONION 1 : THINGS THAT HAD BEEN XORED 'SOLUTION OF RUNES WARNING FROM ONION 2 ver 2' ---- SOLUTION A warning! believe nothing from this book. Except what you know to be true. Test the knowledge, find your truth, experience your death. Do not edit or change this book. Or the message contained within. Either the words or their numbers For all is sacred! ---- "• teach followers to "Find a death every day." from Warning pastein: http://pastebin.com/dHJ6JNkr 5 GRAM MESSAGE FROM XORED STRINGS https://gist.github.com/numinit/4cd82eba206a8af9561c outguess jpg1 XOR outguess jpg2 XOR outguessjpg3 = ' IDGTK UMLOO ARWOE RTHIS UTETL HUTIA TSLLO UIMNI TELNJ 7TFYV OIUAU SNOCO 5JI4M EODZZ Good luck. 3301 Solution was posted in comment in this article: LINK TO COMMENT ---- SOLUTION OF 5 GRAM MESSAGE Column Transposition Ciper Used - 14 Columns, 5 Rows (70 Characters) IDGTK UMLOO ARWOE RTHIS UTETL HUTIA TSLLO UIMNI TELNJ 7TFYV OIUAU SNOCO 5JI4M EODZZ IS: GOOD WORK ULTIMATE TRUTH IS THE ULTIMATE ILLUSION JOINUS AT FV7LYUCMEOZZD5J4ONIO (N is missing) Using a Column Transposition helper site - http://tholman.com/other/transposition/ (to use the transposition site you must remove the spaces so the ciphered text is: IDGTKUMLOOARWOERTHISUTETLHUTIATSLLOUIMNITELNJ7TFYVOIUAUSNOCO5JI4MEODZZ) http://imgur.com/eWUapuz Then I ordered into columns: *I tried 5 colums, 7 colums, 10 columns, 14 colums and 35 colums, 14 is the only one that produces results. By using a column transposition cipher, with 14 columns wide, ( http://tholman.com/other/transposition/ ) and reordering the columns to the following order: 2 8 9 1 12 13 11 4 5 7 3 0 6 10 (I visually rearranged to form words on the first row): '''GOOD WORK ' '''ULTIMATE TRUTH IS THE ULTIMATE ILLUSION (found some Descartes references to this) JOIN US AT FV7LYUCMEOZZD5J4 ONIO (missing n to get to fv7lyucmeozzd5j4.onion) CW *So the 00 20 35 time does that mean Midnight 20:35AM or PM, maybe this is the time we are supposed to log onto the site? *00 20 35 is a 24 hour clock so it will be 12:20:53 AM *follow whatever time the twitter is using *https://twitter.com/1231507051321 *'NEEDED TIMESTAMP' ONION 3 VER 2 onion updated 05:50 GMT >>>>>>> https://fv7lyucmeozzd5j4.to/ https://fv7lyucmeozzd5j4.onion.to/ https://fv7lyucmeozzd5j4.tor2web.org/ >>>>>>>> HTML SOURCE: 87de5b7fa26ab85d22... (string is growing with time) THIS STRING IS ALSO GROWING WTH TIME JUST LIKE ONOE ON ONON 2 VER 1 DID CURRENT STATUS OF STRING * 9.1. 2014 05:48 GMT: 87de5b7fa26ab85d2256c453e7f5bc *8:52am GMT: 87de5b7fa26ab85d2256c453e7f5bc3ac7f25ee743297817febd7741 *7:32 AM Eastern Standard Time: 87de5b7fa26ab85d2256c453e7f5bc3ac7f25ee743297817febd7741ededf07ca0c7e8b1788ea4131441a8f71c6394 *post more timestamps (IN GMT or add your timezone) *post more timestamps (IN GMT or add your timezone) BOT LOGGING PROGRESS OF STRING We have bot that logs in IRC and reports every change *Entropy is his nick, numinit is managing it *http://pastebin.com/QKsB2K68 GMT +1 **all his updates in #3301linux since 06:46AM until 12:54AM 9.1.2014 GMT NEW BYTE: 3a, 16 bytes, 32 chars, min: 22, max: f5, avg: 140.0625 (8c), stdev: 63.2332 (3f), entropy: 4.0000 bits/byte, modified: 2014-01-09 05:54:01 UTC (15 minutes, 0.000 seconds) GMT NEW BYTE: c7, 17 bytes, 34 chars, min: 22, max: f5, avg: 143.5294 (90), stdev: 62.8931 (3f), entropy: 4.0875 bits/byte, modified: 2014-01-09 06:12:01 UTC (18 minutes, 0.000 seconds) GMT NEW BYTE: f2, 18 bytes, 36 chars, min: 22, max: f5, avg: 149.0000 (95), stdev: 65.1503 (41), entropy: 4.1699 bits/byte, modified: 2014-01-09 06:15:01 UTC (3 minutes, 0.000 seconds) GMT NEW BYTE: 78, 23 bytes, 46 chars, min: 22, max: f5, avg: 140.6522 (8d), stdev: 67.1718 (43), entropy: 4.4366 bits/byte, modified: 2014-01-09 06:54:01 UTC (12 minutes, 0.000 seconds) --->HERE WE GOT THAT RUNES MESSAGE ON SERVR -STATUS PAGE, THEN ONION INDEX.HTML BEIGN TO UPDATE AGAIN GMT NEW BYTE: bd, 26 bytes, 52 chars, min: 17, max: fe, avg: 142.3462 (8e), stdev: 71.4493 (47), entropy: 4.6235 bits/byte, modified: 2014-01-09 08:27:01 UTC (30 minutes, 0.000 seconds) GMT NEW BYTE: 77, 27 bytes, 54 chars, min: 17, max: fe, avg: 141.4815 (8d), stdev: 70.2521 (46), entropy: 4.6808 bits/byte, modified: 2014-01-09 08:33:01 UTC (6 minutes, 0.000 seconds) GMT NEW BYTE: 41, 28 bytes, 56 chars, min: 17, max: fe, avg: 138.7500 (8b), stdev: 70.4311 (46), entropy: 4.7359 bits/byte, modified: 2014-01-09 08:39:01 UTC (6 minutes, 0.000 seconds) GMT NEW BYTE: ed, 29 bytes, 58 chars, min: 17, max: fe, avg: 142.1379 (8e), stdev: 71.4904 (47), entropy: 4.7890 bits/byte, modified: 2014-01-09 09:27:01 UTC (48 minutes, 0.000 seconds) GMT NEW BYTE: ed, 30 bytes, 60 chars, min: 17, max: fe, avg: 145.3000 (91), stdev: 72.3220 (48), entropy: 4.7736 bits/byte, modified: 2014-01-09 09:30:01 UTC (3 minutes, 0.000 seconds) GMT NEW BYTE: f0, 31 bytes, 62 chars, min: 17, max: fe, avg: 148.3548 (94), stdev: 73.0870 (49), entropy: 4.8252 bits/byte, modified: 2014-01-09 09:45:01 UTC (15 minutes, 0.000 seconds) GMT NEW BYTE: 7c, 32 bytes, 64 chars, min: 17, max: fe, avg: 147.5938 (94), stdev: 72.0607 (48), entropy: 4.8750 bits/byte, modified: 2014-01-09 10:00:01 UTC (15 minutes, 0.000 seconds) GMT NEW BYTE: a0, 33 bytes, 66 chars, min: 17, max: fe, avg: 147.9697 (94), stdev: 70.9923 (47), entropy: 4.9232 bits/byte, modified: 2014-01-09 10:06:01 UTC (6 minutes, 0.000 seconds) GMT NEW BYTE: c7, 34 bytes, 68 chars, min: 17, max: fe, avg: 149.4706 (95), stdev: 70.4699 (46), entropy: 4.9110 bits/byte, modified: 2014-01-09 10:15:01 UTC (9 minutes, 0.000 seconds) GMT NEW BYTE: e8, 35 bytes, 70 chars, min: 17, max: fe, avg: 151.8286 (98), stdev: 70.8037 (47), entropy: 4.9579 bits/byte, modified: 2014-01-09 10:27:01 UTC (12 minutes, 0.000 seconds) keep few empty lines here SO NEXT CIPHERTEXT TO SOLVE IS : Onion stoped updating at 46 charactrs *at Thursday, January 09, 2014 6:54:01 AM (server time? idk what time is in page info) *http://prntscr.com/2hs3zv (screenshot at 07:25 GMT) 87de5b7fa26ab85d2256c453e7f5bc3ac7f25ee743297817febd7741ededf07ca0c7e8 SOLUTION ????? POST HERE YOUR THOUGHTS: *it is hash string! NO! *Random bytes, just like the first growing string. Might be of use later, but we'll probably just have to wait for the string to finish and Cicada to change the site like they did with the first one. as of 10:19PM PST; 87de5b7fa26ab85d2256c453e7f5bc3ac7f2 as of 7:49 CET (GMT+1): 87de5b7fa26ab85d2256c453e7f5bc3ac7f25ee74329 As of 9:07 SAST (South African Std Time) it is: 87de5b7fa26ab85d2256c453e7f5bc3ac7f25ee7432978 as of 07:22 GMT : 87de5b7fa26ab85d2256c453e7f5bc3ac7f25ee7432978 as of 07:52 GMT : 87de5b7fa26ab85d2256c453e7f5bc3ac7f25ee743297817 keep empty lines here 'WE "FOUND" onion/server-status THAT IS LEAKING ITS LINODE ADRESS:' AND PUBLICLY POSTING ALL OUR IPS ADDRESS: *http://fv7lyucmeozzd5j4.onion/server-status *https://fv7lyucmeozzd5j4.onion.to/server-status *https://fv7lyucmeozzd5j4.tor2web.org/server-status Which is a server status page in Apache, found by Taiiwo's dirbuster http://jsfiddle.net/4LjAA/1/ source! NEED SREENSHOT SEVER IS LOGGING ALL YOUR IPS THAT CAN BE PUBLICLY ACCESABLE *LOG FILE FROM 9.1. 2014. 06:17 GMT http://pastebin.com/ZRJhYgGP *onion.onion/server-status http://pastebin.com/je6Yudvh *http://82.9.41.159/html/user/ Taiiwos web page * http://fv7lyucmeozzd5j4.onion/.htaccess HERE ARE SOME LOGS WHERE EXPLAINING MAGIC BEHIND THIS !!! WE NEED EASY STEP BY STEP EXPLANATION HOW THIS WAS FOUND AND DONE, AND I MEAN AS EASY THAT JOURNALISTS CAN UNDERSTAND AND REPRODUCE IT !!! FOR NOW WE DONT HAVE DECENT PARAGRAPH EXPLAINING IT SO HELP YOURSELF WITH THIS LOGS: LOGS ABOUT HOW WE FOUND LINODE SERVER OF ONION 3 note that we had to DOX Clearnet IP of onion server in 2013 also. SOON AFTER STRING STOPPED UPDATING AND WE DFOUND NEW THINGS ON SERVER STATUS PAGE This means that cicada noticed we found that logs on server! We got new stuff form the server status (cca 07:18 GMT) SOME WISDOM: THE PRIMES ARE SACRED THE TOTIENT FUNCTION IS SACRED ALL THNGS SHOULD BE ENCRYPTED KNOW THIS: 272 138 shadows 131 151 aethereal buffers uoid carnal 18 226 obscure form 245 mobius 18 analog uoid mournful aethereal 151 131 cabal 138 272 Euler's totient function is equal to the number of integers inferior to N and having no common divisor with N. For example, T(6) = 2 because only 1 and 5 are prime, and does not divide 6. http://i.imgur.com/b2XLHxg.jpg http://i.imgur.com/wRSoiPx.jpg We got new stuff form the server status (cca 07:18 GMT) SOME WISDOM THE PRIMES ARE SACRED THE TOTIENT FUNCTION IS SACRED ALL THNGS SHOULD BE ENCRYPTED That appears to be the first paragraph of first image. *this is actualy 2 images i.e. if you reverse the file you get the same image byte for byte However, if you diff the two, you'll find out of band data that's between the images * what is secnd image? it's the same byte for byte i.e. if you flip http://static2.wikia.nocookie.net/__cb20140109073114/uncovering-cicada/images/6/62/Onion_3_v3.jpg you'll get the same image byte-for-byte there is no outguess FINAL RESULT: 272 138 341 131 151 366 199 130 320 18 226 245 91 245 226 18 320 130 199 366 151 131 341 138 272 https://infotomb.com/99694.txt This 5x5 matrix is also imbeded in between the two images found on server-status. How we got that: u dump hex > bin twice to get it converting this data to binary again https://fv7lyucmeozzd5j4.onion.to/server-status ^ Apache Status ^ http://i.imgur.com/b2XLHxg.jpg http://i.imgur.com/wRSoiPx.jpg BELLOW THIS LINE WE ARE STILL A BIT CONFUSED AND UNEDITED M'KAY? BEGINNING OF REASONABLE EXPLANATION As far I understand long string on updated SERVER-STATUS PAGE are two images, same one one from top secon d from bottom and reversed. Just like it was on onion 2. But in between there was chunkg of data (we call that OOB TABLE) . Should be in th logs bellow. That chunk of data is after some hex>bin magic the same as 5X5 table in second paragraph of jpg. Ppl say that second paragraph doesnt mean anything, its only words, and i dont know. To replace runes with numbers we can do OOB TABLE hex>bin magic, or we can simply count runes values from gematria primus. (note this is just how i imagine it based on info i gathered, i dont have time to check if all this is true; if you know more pls fix that aritcle -Lurk) ----->>>'Logs about data string from ONION 3 SERVER-STATUS page'<<<----- IDEAS HINTS SUGGESTIONS... For what it is worth, the 5x5 matrix (runes converted to numbers) is a Centrosymmetric matrix. Perhaps someone knows better than me how this relates to an encryption key. Also, references to TOTIENT and MOBIUS point to RSA encryption (according to Wikipedia), but this is general theme anyway. Perhaps Centrosymmetric, TOTIENT function (phi function), Mobis function rings a bell with someone. NEXT STEP text here NEXT STEP text here NEXT STEP GOES HERE For Every Thing That Lives Is Holy BELLOW HIT LINE ARE THINGS WE FOUND AND DIDNT LEAD ANYWHERE SO FAR, DO NOT DELETE THEM SINCETHEY MIGHT BE VALUABELE IN FURURE ---- ---- ---- ANOTHER INTERESTING THING CICADA USES DIFERENT PORT FOR EVERY onion Apache Server at auqgnxjtvdbll3pv.onion Port 5240 Apache Server at cu343l33nqaekrnw.onion Port 5241 Apache Server at fv7lyucmeozzd5j4.onion Port 5242 To see POT number just enter nonexisten link after valid onion url: (Maybe the same Server? Would make sense from cicadas view) 'PPL FOUND THAT ONION IS LEAKING IS LINODE ADRESS:' AND PUBLICLY POSTING ALL OUR IPS AND LOGGING ALL YOUR IPS THAT CAN BE PUBLICLY ACCESABLE: LOG FILE FROM 9.1. 2014. 06:17 GMThttp://pastebin.com/ZRJhYgGP 04:44 Lurker69, onion.onion/server-status http://pastebin.com/je6Yudvh THIS IW WAHT TAIIWOO MADE http://82.9.41.159/html/user/ WAT? 06:05 http://fv7lyucmeozzd5j4.onion/.htaccess 06:05 http://fv7lyucmeozzd5j4.onion/server-status is where i'm pulling from 202.117.120.16 --> li676-95.members.linode.com (?) https://infotomb.com/t6exe zip file of html server-status pages since 03:31 GMT+1 fetched every 3sec, 9Mo, TTL=1month. HERE IS SOME MAGIC HAW THAT WAS DONE !!DO NOT DELETE ANY LOGS UNTIL WE HAVE EASY STEP BY STEP EXPLANATION HOW THIS WAS FOUND AND DONE, AND I MEAN AS EASY THAT JOURNALISTS CAN UNDERSTAND AND REPRODUCE IT !!! FOR NOW WE DONT HAVE DECENT PARAGRAPH EXPLAINING IT SO HELP YOURSELF WITH THIS LOGS: LOGS ABOUT HOW WE FOUND LINODE SERVER OF ONION 3 note that we had to DOX Clearnet IP of onion server in 2013 also. TIMESTAMPS OF UPLOADED BYTES All are in multiples of 3, it messed up by one second one time and corrected itself. We missed the first 28 digits. If you have them and their timestamp, please feel free to add them. 00:39 NEW BYTE: bc, 15 bytes, 30 chars, min: 22, max: f5, avg: 145.5333 (92), stdev: 61.5314 (3e), entropy: 3.9069 bits/byte, modified: 2014-01-09 05:39:01 UTC (6 minutes, 0.000 seconds) 00:54 NEW BYTE: 3a, 16 bytes, 32 chars, min: 22, max: f5, avg: 140.0625 (8c), stdev: 63.2332 (3f), entropy: 4.0000 bits/byte, modified: 2014-01-09 05:54:01 UTC (15 minutes, 0.000 seconds) 01:12 NEW BYTE: c7, 17 bytes, 34 chars, min: 22, max: f5, avg: 143.5294 (90), stdev: 62.8931 (3f), entropy: 4.0875 bits/byte, modified: 2014-01-09 06:12:01 UTC (18 minutes, 0.000 seconds) 01:15 NEW BYTE: f2, 18 bytes, 36 chars, min: 22, max: f5, avg: 149.0000 (95), stdev: 65.1503 (41), entropy: 4.1699 bits/byte, modified: 2014-01-09 06:15:01 UTC (3 minutes, 0.000 seconds) 01:21 NEW BYTE: 5e, 19 bytes, 38 chars, min: 22, max: f5, avg: 146.1053 (92), stdev: 64.5909 (41), entropy: 4.2479 bits/byte, modified: 2014-01-09 06:21:01 UTC (6 minutes, 0.000 seconds) 01:24 NEW BYTE: e7, 20 bytes, 40 chars, min: 22, max: f5, avg: 150.3500 (96), stdev: 65.6180 (42), entropy: 4.2219 bits/byte, modified: 2014-01-09 06:24:02 UTC (3 minutes, 1.000 seconds) 01:36 NEW BYTE: 43, 21 bytes, 42 chars, min: 22, max: f5, avg: 146.3810 (92), stdev: 66.4512 (42), entropy: 4.2971 bits/byte, modified: 2014-01-09 06:36:01 UTC (11 minutes, 59.000 seconds) 01:42 NEW BYTE: 29, 22 bytes, 44 chars, min: 22, max: f5, avg: 141.5909 (8e), stdev: 68.5338 (45), entropy: 4.3685 bits/byte, modified: 2014-01-09 06:42:01 UTC (6 minutes, 0.000 seconds) 01:54 NEW BYTE: 78, 23 bytes, 46 chars, min: 22, max: f5, avg: 140.6522 (8d), stdev: 67.1718 (43), entropy: 4.4366 bits/byte, modified: 2014-01-09 06:54:01 UTC (12 minutes, 0.000 seconds) 02:27 NEW BYTE: 17, 24 bytes, 48 chars, min: 17, max: f5, avg: 135.7500 (88), stdev: 69.8339 (46), entropy: 4.5016 bits/byte, modified: 2014-01-09 07:27:01 UTC (33 minutes, 0.000 seconds) 02:57 NEW BYTE: fe, 25 bytes, 50 chars, min: 17, max: fe, avg: 140.4800 (8c), stdev: 72.2402 (48), entropy: 4.5639 bits/byte, modified: 2014-01-09 07:57:01 UTC (30 minutes, 0.000 seconds) MORE WILL BE PUBLISHED AS SOON AS WE WILL FIND IT ---- Progress of PUZZLE is above this title ---- Keep this empty space here, so ppl know that XOR hints below are just hints not actual progress. Progress of PUZZLE is above this title LINKS AND THINGS RELATED TO XORING This Article was moved to 2014 TIPS XOR TIPS 2014 SUBPAGE Progress of PUZZLE is above this title